1 Answer
- Newest
- Most votes
- Most comments
0
Hi There
After the instance is running, modifying the KmsKeyId
parameter of the EBS
volume inside the BlockDeviceMapping
property results in instance replacement.
You cannot change the encryption key on an EBS volume. You need to take a snapshot and create new volumes with the new key See https://aws.amazon.com/premiumsupport/knowledge-center/ebs-change-encryption-key/
Can you clarify though, have you already changed the EBS encryption outside of CloudFormation?
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Hello, I've not updated teh KMS key yet, but will be following steps mentioned in this article and attach the new volumes to EC2 server, https://aws.amazon.com/premiumsupport/knowledge-center/ebs-change-encryption-key/
How can I avoid instance replacement.